Intrusion Prevention Systems
© 2012 Cisco and/or its affiliates. All rights reserved. 1
Contents
This chapter describes the functions and operations of intrusion detection systems (IDS) and intrusion prevention systems (IPS).
• The fundamentals of intrusion prevention, comparing IDS and IPS
• The building blocks of IPS, introducing the underlying technologies and deployment options
• The use of signatures in intrusion prevention, highlighting the benefits and drawbacks
• The need for IPS alarm monitoring, evaluating the options for event managers
• Analyzing the design considerations in deploying IPS
IPS Fundamentals
Introducing IDS and IPS:
• Targeted, mutating, stealth threats are increasingly difficult to detect.
• Attackers have insidious motivations and exploit high-impact targets, often for financial benefit or for economic and political reasons.
• Attackers are taking advantage of new ways of communication.
IDS:
• Analyzes copies of the traffic stream
• Does not slow network traffic
• Allows some malicious traffic into the network
IPS:
• Works inline in real time to monitor Layer 2 through Layer 7 traffic and content
• Needs to be able to handle network traffic
• Prevents malicious traffic from entering the network
IDS and IPS technologies
• IDS and IPS technologies share several characteristics:
– IDS and IPS technologies are deployed as sensors. An IDS or an IPS sensor can be any of the following devices:
– A router configured with Cisco IOS IPS Software
– An appliance specifically designed to provide dedicated IDS or IPS services
– A network module installed in a Cisco adaptive security appliance, switch, or router
• IDS and IPS technologies typically monitor for malicious activities in two spots:
– Network:
– Hosts:
• IDS and IPS technologies use signatures to detect patterns of misuse in network traffic.
• IDS and IPS technologies look for the following general patterns of
Intrusion Detection System
• An IDS monitors traffic offline and generates an alert (log) when it detects malicious traffic including:
– Reconnaissance attacks
– Access attacks
– Denial of Service attacks
• It is a passive device because it analyzes copies of the traffic stream.
– Only requires a promiscuous interface.
– Does not slow network traffic.
– Allows some malicious traffic into the network.
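The two points made above, that sensors match signatures against traffic and that an IDS only inspects a copy while an IPS sits inline, can be shown together in a small sensor model. This is an added example, not code from the Cisco material: the signature IDs, patterns, sweep threshold, host addresses and traffic are all constructed for illustration, and a real sensor would parse live packets rather than the in-memory records used here.

```python
"""Toy signature-based sensor run in IDS (promiscuous copy) and IPS (inline) modes.

Example code written for this page, not Cisco's. Every signature, threshold and
packet below is constructed; signature numbers are placeholders, not Cisco IDs.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sig_id: int               # constructed placeholder id
    name: str
    dport: Optional[int]      # None means any destination port
    pattern: bytes            # regular expression applied to the payload


# Constructed atomic signatures: each fires on the content of a single packet.
SIGNATURES = [
    Signature(90001, "HTTP path traversal", 80, rb"\.\./\.\./"),
    Signature(90002, "SQL tautology in query string", 80, rb"(?i)'\s*or\s+1=1"),
]

# Constructed composite (stateful) signature: one source reaching this many
# distinct destination ports is reported once as a reconnaissance sweep.
SWEEP_PORT_THRESHOLD = 5
SWEEP_SIG_ID = 90100


def match_atomic(sig: Signature, pkt: Packet) -> bool:
    """True when the packet's port and payload satisfy one atomic signature."""
    if sig.dport is not None and sig.dport != pkt.dport:
        return False
    return re.search(sig.pattern, pkt.payload) is not None


def run_sensor(packets: List[Packet], mode: str) -> Tuple[list, List[Packet]]:
    """Run the sensor over a packet sequence.

    mode="ids": the sensor sees a copy of each packet, so every packet is
                forwarded and a match only produces an alert.
    mode="ips": the sensor is inline, so a matching packet is dropped and
                never appears in the forwarded list.
    Returns (alerts, forwarded); each alert is (sig_id, name, src).
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts = []
    forwarded = []
    ports_seen = defaultdict(set)  # per-source state for the sweep signature
    for pkt in packets:
        hits = [(s.sig_id, s.name) for s in SIGNATURES if match_atomic(s, pkt)]
        ports_seen[pkt.src].add(pkt.dport)
        # Fire exactly once, on the packet that reaches the threshold.
        if len(ports_seen[pkt.src]) == SWEEP_PORT_THRESHOLD:
            hits.append((SWEEP_SIG_ID, "Port sweep from single source"))
        for sig_id, name in hits:
            alerts.append((sig_id, name, pkt.src))
        if mode == "ids" or not hits:
            forwarded.append(pkt)
    return alerts, forwarded


# Constructed sample traffic: one benign request, two content matches, one
# traversal on a port the signature does not cover, and a six-port sweep.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "10.0.1.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.7", "10.0.1.10", 80, b"GET /../../config HTTP/1.1"),
    Packet("10.0.0.7", "10.0.1.10", 80, b"GET /login?user=a' OR 1=1-- HTTP/1.1"),
    Packet("10.0.0.9", "10.0.1.10", 8080, b"GET /../../ HTTP/1.1"),
] + [Packet("10.0.0.20", "10.0.1.10", p, b"") for p in (21, 22, 23, 25, 80, 443)]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, forwarded = run_sensor(SAMPLE_TRAFFIC, mode)
        print(f"{mode.upper()}: {len(alerts)} alerts, {len(forwarded)} of "
              f"{len(SAMPLE_TRAFFIC)} packets forwarded")
        for sig_id, name, src in alerts:
            print(f"  sig {sig_id} {name} from {src}")
```

Both modes raise the same three alerts; the difference is that the IDS forwards all ten packets while the inline IPS forwards seven. The sweep signature also shows why an IPS still lets some traffic through: the first four probe packets are forwarded before the per-source state crosses the threshold.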